Score:0

Server

Can you turn off Exchange transport certificate expiration warnings (event 12017)

mcwayliffe

5/14/23, 8:00 PM

For the last few days, the system log on our Exchange server has been filled with "errors" like the following:

Error   1/14/2022 2:15:10 PM    MSExchangeFrontEndTransport 12017   TransportService
An internal transport certificate will expire soon. Thumbprint: 1E7CC2E1C3F0737651FEB99B0BEF5546154B404A, expires: 4/4/2022 1:28:15 PM

These errors fire once every fifteen minutes. Since the certificate does not expire for several months, I do not want to deal with them right now. Unfortunately, our monitoring system is not very granular and alerts us about any number of errors over some low threshold. In other words, having an error added every 15 minutes is causing a lot of false alerts.

Is there any way to turn these alerts off at the source? I poked around a little bit on various Microsoft forums and found a command which ostensibly disables this particular monitor until a later date, but the errors keep coming:

Add-GlobalMonitoringOverride -Identity "HubTransport\Transport.ServerCertExpireSoon.Monitor" -PropertyName Enabled -PropertyValue 0 -Duration 72.00:00:00 -ItemType Monitor

Any tips on where I should look next? I would rather suppress these at the source than filter them from the monitoring system, as I'd still like to know that my certs are expiring. I just don't need to know three months in advance.

122

0 + 0

monitoring

exchange

Zac67

5/15/23, 5:53 AM

How about configuring an event filter on the monitoring system?

pzkpfw

5/15/23, 8:49 AM

This is not a Nagios question

mcwayliffe

5/17/23, 2:20 PM

@pzkpfw Sorry about that. We are monitoring the exchange server via Nagios and I originally had some details about that in the question, but it turned out not to be relevant.

Score:1

Server

Joy Zhang

5/17/23, 2:52 AM

You can't stop logging for a specific event ID, but you can lower the event log level.

Set-EventLogLevel -Identity "HubTransport\Transport.ServerCertExpireSoon.Monitor" -Level Low

For more details: Manage Diagnostic Logging Levels

In addition, here's a similar thread for your reference: Can I disable Windows Event Logging for a certain service?

0 + 0

mcwayliffe

5/17/23, 2:47 PM

Unfortunately, the logging level for that event is already at the lowest. Here's the output of `Get-EventLogLevel`: `SERVER\MSExchangeFrontEndTransport\TransportService Lowest`

Joy Zhang

5/19/23, 7:24 AM

As I have replied above, you can't seem to stop logging for a specific event ID.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can you turn off Exchange transport certificate expiration warnings (event 12017)

TH: คุณสามารถปิดคำเตือนการหมดอายุของใบรับรองการขนส่ง Exchange (เหตุการณ์ 12017)

RO: Puteți dezactiva avertismentele de expirare a certificatului de transport Exchange (eveniment 12017)

RU: Можно ли отключить предупреждения об истечении срока действия транспортного сертификата Exchange (событие 12017)

VI: Bạn có thể tắt cảnh báo hết hạn chứng chỉ vận chuyển Exchange (sự kiện 12017)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.